hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13772 from atorralba/atorralba/java/inputstream-wrapper-read-step

Browse Source 
Java: Add taint steps for InputStream wrappers
This commit is contained in:
Tony Torralba
2023-07-31 11:12:43 +02:00
committed by GitHub
parent e534afe634 6c0d47f122
commit 41f1315da9
12 changed files with 249 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
java/ql/test/library-tests/dataflow/stream-read/A.java Normal file
View File

@@ -0,0 +1,139 @@
import java.io.InputStream;
import java.io.IOException;
public class A {
private static InputStream source() {
return null;
}
private static void sink(Object s) {}
static class MyStream extends InputStream {
private InputStream wrapped;
MyStream(InputStream wrapped) {
this.wrapped = wrapped;
}
@Override
public int read() throws IOException {
return 0;
}
@Override
public int read(byte[] b) throws IOException {
return wrapped.read(b);
}
}
public static void testSeveralWrappers() {
InputStream src = source();
InputStream wrapper1 = new MyStream(src);
sink(wrapper1); // $ hasTaintFlow
InputStream wrapper2 = new MyStream(wrapper1);
sink(wrapper2); // $ hasTaintFlow
InputStream wrapper3 = new MyStream(wrapper2);
sink(wrapper3); // $ hasTaintFlow
InputStream wrapper4 = new InputStream() {
@Override
public int read() throws IOException {
return 0;
}
@Override
public int read(byte[] b) throws IOException {
return wrapper3.read(b);
}
};
sink(wrapper4); // $ hasTaintFlow
}
public static void testAnonymous() throws Exception {
InputStream wrapper = new InputStream() {
@Override
public int read() throws IOException {
return 0;
}
@Override
public int read(byte[] b) throws IOException {
InputStream in = source();
return in.read(b);
}
};
sink(wrapper); // $ hasTaintFlow
}
public static void testAnonymousVarCapture() throws Exception {
InputStream in = source();
InputStream wrapper = new InputStream() {
@Override
public int read() throws IOException {
return 0;
}
@Override
public int read(byte[] b) throws IOException {
return in.read(b);
}
};
sink(wrapper); // $ hasTaintFlow
}
public static InputStream wrapStream(InputStream in) {
return new InputStream() {
@Override
public int read() throws IOException {
return 0;
}
@Override
public int read(byte[] b) throws IOException {
return in.read(b);
}
};
}
public static void testWrapCall() {
sink(wrapStream(null)); // $ SPURIOUS: hasTaintFlow
sink(wrapStream(source())); // $ hasTaintFlow
}
public static void testLocal() {
class LocalInputStream extends InputStream {
@Override
public int read() throws IOException {
return 0;
}
@Override
public int read(byte[] b) throws IOException {
InputStream in = source();
return in.read(b);
}
}
sink(new LocalInputStream()); // $ hasTaintFlow
}
public static void testLocalVarCapture() {
InputStream in = source();
class LocalInputStream extends InputStream {
@Override
public int read() throws IOException {
return 0;
}
@Override
public int read(byte[] b) throws IOException {
return in.read(b);
}
}
sink(new LocalInputStream()); // $ hasTaintFlow
}
}

2
java/ql/test/library-tests/dataflow/stream-read/test.expected Normal file
View File

@@ -0,0 +1,2 @@
failures
testFailures

2
java/ql/test/library-tests/dataflow/stream-read/test.ql Normal file
View File

@@ -0,0 +1,2 @@
import TestUtilities.InlineFlowTest
import DefaultFlowTest